Message-Id: <1340988354-26981-6-git-send-email-vincent.sanders@collabora.co.uk> Date: Fri, 29 Jun 2012 17:45:44 +0100 From: Vincent Sanders <vincent.sanders@...labora.co.uk> To: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, "David S. Miller" <davem@...emloft.net> Cc: Javier Martinez Canillas <javier.martinez@...labora.co.uk>, Vincent Sanders <vincent.sanders@...labora.co.uk> Subject: [PATCH net-next 05/15] security: selinux: Add AF_BUS socket SELinux hooks From: Javier Martinez Canillas <javier.martinez@...labora.co.uk> Add Security-Enhanced Linux (SELinux) hook for AF_BUS socket address family. Signed-off-by: Javier Martinez Canillas <javier.martinez@...labora.co.uk> Signed-off-by: Vincent Sanders <vincent.sanders@...labora.co.uk> --- security/selinux/hooks.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4ee6f23..5bacbe2 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -67,6 +67,7 @@ #include <linux/quota.h> #include <linux/un.h> /* for Unix socket types */ #include <net/af_unix.h> /* for Unix socket types */ +#include <net/af_bus.h> /* for Bus socket types */ #include <linux/parser.h> #include <linux/nfs_mount.h> #include <net/ipv6.h> 
@@ -4101,6 +4102,39 @@ static int selinux_socket_unix_may_send(struct socket *sock, &ad); } +static int selinux_socket_bus_connect(struct sock *sock, struct sock *other, + struct sock *newsk) +{ + struct sk_security_struct *sksec_sock = sock->sk_security; + struct sk_security_struct *sksec_other = other->sk_security; + struct sk_security_struct *sksec_new = newsk->sk_security; + struct common_audit_data ad; + struct lsm_network_audit net = {0,}; + int err; + + ad.type = LSM_AUDIT_DATA_NET; + ad.u.net = &net; + ad.u.net->sk = other; + + err = avc_has_perm(sksec_sock->sid, sksec_other->sid, + sksec_other->sclass, + UNIX_STREAM_SOCKET__CONNECTTO, &ad); + if (err) + return err; + + /* server child socket */ + sksec_new->peer_sid = sksec_sock->sid; + err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid, + &sksec_new->sid); + if (err) + return err; + + /* connecting socket */ + sksec_sock->peer_sid = sksec_new->sid; + + return 0; +} + static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family, u32 peer_sid, struct common_audit_data *ad) @@ -5643,6 +5677,7 @@ static struct security_operations selinux_ops = { .unix_stream_connect = selinux_socket_unix_stream_connect, .unix_may_send = selinux_socket_unix_may_send, + .bus_connect = selinux_socket_bus_connect, .socket_create = selinux_socket_create, .socket_post_create = selinux_socket_post_create, -- 1.7.10 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
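Review bot: The `#include <net/af_bus.h>` added in the first hunk is commented "for Bus socket types", but nothing this patch adds appears to need it. The new function uses only `struct sock`, `struct sk_security_struct`, `struct common_audit_data` and `struct lsm_network_audit`, none of which is specific to AF_BUS. Drop the include, or state which declaration from it the hooks code depends on.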
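Review bot: In `selinux_socket_bus_connect()`, the `avc_has_perm()` call checks `UNIX_STREAM_SOCKET__CONNECTTO` against `sksec_other->sclass`, and that is only meaningful if AF_BUS sockets are labelled with the unix_stream_socket class. The permission bit is defined for that class. The diffstat (1 file changed, 35 insertions, all accounted for by the include, this function and the ops entry) shows no class mapping for AF_BUS being added here. If the peer socket carries a different class, the same bit value would be interpreted in that class's permission vector. Please say in the commit message which class an AF_BUS socket receives and that reusing connectto is intended, or introduce a dedicated class and permission so policy can distinguish bus connections from Unix stream connections. A short comment above the function describing the three sockets (`sock`, `other`, `newsk`) and which side each belongs to would also help, since the inline comments "server child socket" and "connecting socket" are the only documentation.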